Short Notes on AWS

From PaskvilWiki
Revision as of 15:29, 30 August 2019 by Admin (Talk | contribs)

Jump to: navigation, search

Can't connect to EC2 instance

The obvious 2 problems with incoming requests, that are outside of AWS's scope:

  • check the instance's firewall
  • check that the app is listening to all incoming (0.0.0.0/0 or your IP, not just 127.0.0.1)

On the AWS side, check the following:

  • make sure the Elastic IP is associated with the instance
    • find the instance in the EC2 > Instances
    • look under Description tab, Elastic IP
    • if it's not, go to EC2 > Elastic IPs
    • choose Elastic IP from the list (or, allocate new on) that is not associated with any instance
    • choose Actions > Associate address, and associate it with the instance
  • make sure Security group permissions allow the connection
    • go to EC2 > Security Groups
    • select the security group (you can find which security group instance is in in the list on EC2 > Instances page, last column)
    • on the Inbound tab, check that your protocol is enabled for Source 0.0.0.0/0 (or from your IP)
  • make sure your Internet Gateway is connected to your VPC
    • make sure the Internet Gateway is attached to your VPC, under VPC > Internet Gateways > Summary tab
    • go to VPC > Route Tables, select route table for your VPC
    • under Routes tab, make sure that route with destination 0.0.0.0/0, with Target being your internet gateway, exists and is Active

Authorization header being removed by ElasticBeanstalk

By default, AWS ElasticBeanstalk's WSGI server strips Authorization header from requests.

To get these back, just plug your wsgi config file through .ebextensions, adding a wsgi.authorization.config file, with the following content:

files:
    "/etc/httpd/conf.d/wsgiauth.conf":
        mode: "000644"
        owner: root
        group: root
        content: |
            WSGIPassAuthorization On

IAM Notes

  • you need policy AmazonRDSReadOnlyAccess for your IAM to be able to list RDS instances